X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=941cdccc39c94eb84f3542eddae8187babfc15a5;hb=ed9c8bc9f8313d02a198b456e3d97fcd2d86521b;hp=e9923d78c9219196743c63d455127a9b7356f805;hpb=eb37ec66b33ffb28c3a28fae57326403db609a25;p=apache2-cn.git diff --git a/debian/postinst b/debian/postinst index e9923d7..941cdcc 100755 --- a/debian/postinst +++ b/debian/postinst @@ -29,15 +29,13 @@ esac PKG="apache2-cn" VERSION="2.2-1" CONFDIR="/etc/apache2" -CONFDIROLD="/etc/apache" CONF="$CONFDIR/apache2.conf" -CONFOLD="$CONFDIROLD/httpd.conf" A2MODEDIR="$CONFDIR/mods-enabled" PORTCONF="$CONFDIR/ports.conf" A2CNDIR=/usr/share/apache2-cn TMPLDIR=$A2CNDIR/templates CERTDIR=/etc/ssl/certs -A2PHPINI="/etc/php4/apache2/php.ini" +A2PHPINI="/etc/php5/apache2/php.ini" HOST=$(hostname) FQDN=$(hostname --fqdn) @@ -137,6 +135,9 @@ conf_log_fix () { $conf_file > $out mv $out $conf_file fi + + # Be sure.. + chmod 644 $conf_file fi } @@ -156,15 +157,20 @@ generate_ssl () { # Check if port 443 is configured in ports.conf file. # listen_ssl() { - - if ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then + + if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then cp_echo "CN: Enabling SSL port (443) for Apache2 web server." out=$(mktemp ${PORTCONF}.XXXXXX) - cp $PORTCONF $out + + if [ -f "$PORTCONF" ]; then + cp $PORTCONF $out + fi + echo "Listen 443" >> $out cp_mv $out $PORTCONF + chmod 644 $PORTCONF need_restart=1 temp_files="${temp_files} ${out}" 
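Review bot: The added `chmod 644 $conf_file` at the end of conf_log_fix makes every rewritten configuration file world-readable, whatever mode it had before, and Apache configuration files can hold bind passwords or other credentials that an administrator restricted on purpose. Carrying the original mode over to the temporary file before the `mv` keeps that choice, for example `chmod --reference="$conf_file" "$out"`, and the variable should be quoted either way. The function starts above this hunk, so how `$out` is created is not visible here; presumably it is a mktemp file with mode 600, which is what the chmod compensates for.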
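Review bot: The pattern kept on the rewritten `egrep` line in listen_ssl ends in `.*443$`, so a line such as `Listen 8443` counts as port 443 being configured and the function then never adds it, while `Listen 443 https` is not recognised and gets a second `Listen 443` appended. A tighter match would be `egrep -iq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' "$PORTCONF"`. The new `cp $PORTCONF $out` and `chmod 644 $PORTCONF` should quote the variable the way the `-f` tests next to them do. The function body continues below the hunk.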
@@ -311,19 +317,23 @@ trap cleanup 0 1 2 15 # Make sure that monit conf for Apache is disabled. +# if [ -f "/etc/monit.d/apache1.conf" ]; then mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled pkill -9 -f /usr/sbin/monit || true fi -# First of all - stop Apache web server, make sure Apache is NOT running. +# Make sure Apache is NOT running. # -if [ -x /usr/sbin/invoke-rc.d ]; then - [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true - pkill -9 -f /usr/sbin/apache || true -else - [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true +if [ -x /etc/init.d/apache ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache stop || true + else + /etc/init.d/apache stop || true + fi + + pkill -9 -f '/usr/sbin/apache$' || true fi @@ -358,7 +368,7 @@ if [ $backup_done -eq 1 ]; then fi -# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl). +# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl). # if [ -e "$CONF" ]; then @@ -386,10 +396,20 @@ if [ -e "$CONF" ]; then need_restart=1 fi + if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then + if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then + cp_echo "CN: Enabling PHP5 module for Apache2 web server." + a2enmod php5 >/dev/null || true + need_restart=1 + fi + fi + if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then + if [ -e "/usr/lib/apache2/modules/libphp4.so" ]; then cp_echo "CN: Enabling PHP4 module for Apache2 web server." a2enmod php4 >/dev/null || true need_restart=1 + fi fi if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then @@ -468,9 +488,12 @@ fi # Add VirtualHosts. +# - on fresh install # -db_get apache2-cn/wwwhost || true -if [ "$RET" = "true" ]; then +if [ -z "$2" ]; then + + db_get apache2-cn/wwwhost || true + if [ "$RET" = "true" ]; then # Add WWW VirtualHost. if [ -f "$CONFDIR/sites-available/$FQDN" ]; then 
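Review bot: `pkill -9 -f '/usr/sbin/apache$'` matches the pattern against the whole command line, so an Apache 1 process started with arguments is missed while any unrelated process whose command line happens to end in `/usr/sbin/apache` is killed, and SIGKILL goes out straight after the stop request without giving the daemon time to exit. Matching on the process name and escalating only if needed is safer: `pkill -x apache || true`, a short wait, then `pkill -9 -x apache || true`. The same applies to the `pkill -9 -f /usr/sbin/monit` a few lines above, which this hunk leaves as it was.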
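Review bot: With the new php5 block placed in front of the php4 block, a host that has both `libphp5.so` and `libphp4.so` installed gets both modules enabled in one run, and the two are unlikely to load side by side in the same server. Making php4 the fallback avoids that: `if [ ! -e /usr/lib/apache2/modules/libphp5.so ] && [ -e /usr/lib/apache2/modules/libphp4.so ]; then`. `A2PHPINI` in the first hunk now points at the php5 ini only, so whatever later edits that file (not visible here) no longer covers a php4-only host. The lines inside the new php4 `if` were also left at their old indentation.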
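Review bot: Gating the VirtualHost section on `[ -z "$2" ]` also skips it when the package is reconfigured, because `dpkg-reconfigure` calls the postinst with `configure` and the installed version as second argument; a changed answer to `apache2-cn/wwwhost` would then never be applied. If that is intended, say so above the test, for example `# $2 is the previously configured version; empty only on a first install, so upgrades and reconfigure keep existing vhosts`. `db_get ... || true` still leaves `$RET` at its previous value when the query fails, so the `"$RET" = "true"` test can act on stale data. The block opened here is closed in a later hunk and its body was not re-indented.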
@@ -481,17 +504,17 @@ if [ "$RET" = "true" ]; then fi chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN need_restart=1 fi chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN" - if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then install_vhost default www.$DOMAIN www.$DOMAIN need_restart=1 fi -else + else # No WWW VirtualHost. if [ -f "$CONFDIR/sites-available/$FQDN" ]; then @@ -499,10 +522,11 @@ else fi chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN need_restart=1 fi + fi fi @@ -516,7 +540,7 @@ if [ $apache2_sslcert -eq 0 ]; then # No active SSL VirtualHosts found - add new one. chk_conf_tag "$CONFDIR/sites-available/ssl" - if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl need_restart=1 fi @@ -531,7 +555,7 @@ if [ $apache2_sslcert -eq 0 ]; then if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX) - temp_files="${temp_files} ${SSLTMP}" + temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old" cp ${CONFDIR}/sites-available/ssl $SSLTMP # SSLCertificateFile 
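Review bot: Dropping `-a -f "$CONFOLD"` leaves `[ $RET -eq 0 ]` as the only condition for running install_vhost over a site file that already exists, here and in the hunks at -499 and -516, and the -516 one (the `ssl` site) appears to sit outside the fresh-install guard. What `chk_conf_tag` returns is not visible in this diff; if 0 means the file lacks the package tag, a hand-written SSL vhost would be replaced on every upgrade, so it is worth confirming that install_vhost keeps a backup. `$RET` is also unquoted in all four tests; `[ "${RET:-1}" -eq 0 ]` avoids a `[` syntax error when it is empty.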
@@ -546,9 +570,9 @@ if [ $apache2_sslcert -eq 0 ]; then # SSLCertificateChainFile if [ -n "$apache2_sslccf" ]; then - cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \ - "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \ - $SSLTMP || true + cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \ + "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \ + $SSLTMP || true fi cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl @@ -556,13 +580,24 @@ if [ $apache2_sslcert -eq 0 ]; then need_restart=1 # Just to be sure. - if [ -e "$SSLTMP" ]; then - rm -f $SSLTMP - fi + [ -e "${SSLTMP}" ] && rm -f ${SSLTMP} + [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old fi fi +# Check file access permissions for SSL certificates. +# +cp_echo "CN: Checking file access permissions for Apache2 SSL certificates." +sslkey=/etc/ssl/private +sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key" +for certf in $sslcerts; do + if [ -f "$certf" ]; then + chmod 600 $certf + fi +done + + # Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration. # cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives." @@ -671,6 +706,7 @@ cp_mail "$PKG" # (re)generate monit.d files if monit-cn is installed. # if [ -x "/usr/sbin/update-monit.d" ]; then + cp_echo "CN: Updating monit configuration..." update-monit.d || true fi
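Review bot: The new loop in the -556 hunk runs `chmod 600 $certf` on the private keys but never looks at who owns them, so a key owned by a non-root account stays readable and writable by that account after the check has run. If these keys are meant to be root-only, set both: `chown root:root "$certf" && chmod 600 "$certf"`. Only three fixed file names under `/etc/ssl/private` are covered; a key referenced by `SSLCertificateKeyFile` under another name is not touched, which the `cp_echo` message does not make clear. The variable names are also misleading: `sslkey` holds a directory and `sslcerts` holds key paths.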